tcpdump and Iptables
Jose Maria Lopez
jkerouac at eresmas.com
Thu Sep 2 22:25:56 CEST 2004
On Thu, 02 Sep 2004 at 19:56, CC wrote:
> Hi,
>
> I think I've asked this before here, but I
> don't remember what the answer was.
>
> If I have iptables running and I do a
> tcpdump -i eth0, at what point is
> tcpdump listening to the connection?
>
> I'm trying to troubleshoot my firewall,
> but am not seeing the right behaviour
> as the packets that I'm trying to block
> by the following command:
>
> $IPTABLES -A FORWARD -i eth1 -p tcp \
> -d 192.168.7.1 -j DROP
>
> But I still get tcp packets going to
> 192.168.7.1.
Wouldn't it work if you used -o eth1 instead of
-i eth1? Where is 192.168.7.1 situated? If
the routes say it has to go through eth1 to
get to 192.168.7.1 then you need -o.
Or maybe you have packets routed through other
interfaces, not eth1. Or maybe the packets
originate on the firewall itself, so
the FORWARD rule does not apply.
>
> And wouldn't :
>
> $IPTABLES -A FORWARD -i eth1 -p tcp \
> -s 192.168.7.1 -j DROP
>
> in effect disables all access to the
> internet for machine IP 192.168.7.1?
>
> But my main query is about the
> relationship between the packets that
> TCPDUMP sees and where the packets
> are within the packet filtering
> process.
>
> Thanks
--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac at bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
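
The three cases raised in the reply above, as an added example that is not part of the original message: a simplified Python model of which filter chain a packet traverses and whether a rule's -i, -o and -d options match it. The interface layout (192.168.7.1 reached via eth1, with eth0 and eth2 as other interfaces), the sample addresses, and the names Packet, Rule, chain_for and matches are assumptions; addresses are compared as exact strings rather than as networks.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    in_if: Optional[str] = None   # None: generated by the firewall itself
    out_if: Optional[str] = None  # None: addressed to the firewall itself

@dataclass
class Rule:  # one iptables match; unset fields match anything
    chain: str
    in_if: Optional[str] = None   # -i
    out_if: Optional[str] = None  # -o
    proto: Optional[str] = None   # -p
    src: Optional[str] = None     # -s
    dst: Optional[str] = None     # -d

def chain_for(pkt: Packet) -> str:
    """Filter-table chain a packet traverses: exactly one of the three."""
    if pkt.in_if is None:
        return "OUTPUT"    # locally generated, never passes through FORWARD
    if pkt.out_if is None:
        return "INPUT"     # delivered to the firewall itself
    return "FORWARD"       # routed from one interface to another

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.chain != chain_for(pkt):
        return False
    pairs = [(rule.in_if, pkt.in_if), (rule.out_if, pkt.out_if),
             (rule.proto, pkt.proto), (rule.src, pkt.src), (rule.dst, pkt.dst)]
    return all(want is None or want == got for want, got in pairs)

# Rule from the question, and the -o variant suggested in the reply.
ASKED = Rule("FORWARD", in_if="eth1", proto="tcp", dst="192.168.7.1")
SUGGESTED = Rule("FORWARD", out_if="eth1", proto="tcp", dst="192.168.7.1")

# Constructed packets; assumed topology: 192.168.7.1 is reached via eth1.
SAMPLES = {
    "routed in eth0, out eth1": Packet("10.0.0.5", "192.168.7.1", in_if="eth0", out_if="eth1"),
    "routed in eth0, out eth2": Packet("10.0.0.5", "192.168.7.1", in_if="eth0", out_if="eth2"),
    "sent by the firewall": Packet("192.168.7.254", "192.168.7.1", out_if="eth1"),
}

def verdicts() -> dict:
    """Map each sample to (matches ASKED rule, matches SUGGESTED rule)."""
    return {name: (matches(ASKED, p), matches(SUGGESTED, p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (asked, suggested) in verdicts().items():
        print(f"{name:26} -i eth1: {asked!s:5}  -o eth1: {suggested}")
```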